DETECTION OF MALICIOUS SENSOR ATTACKS AND TELEMETRY SPOOFING IN CYBER-PHYSICAL SYSTEMS BASED ON A MODIFIED KALMAN FILTER

Authors

DOI:

https://doi.org/10.31891/2219-9365-2025-84-24

Keywords:

cyber-physical systems, sensor attacks, data falsification, anomaly detection, Kalman filter, adaptive model switching, real-time operating systems

Abstract

This paper presents an event-adaptive method for detecting falsifications, anomalies, and malicious manipulations in sensor data of cyber-physical systems (CPS) operating in real time. The proposed approach is based on a modified Kalman filter with event-driven mode switching and is specifically aimed at counteracting cyber threats caused by malicious software and targeted computer attacks, including telemetry spoofing, false data injection, replay attacks, and stealthy sensor-level interference. Such attacks are particularly dangerous for embedded and control systems, as they may remain undetected while gradually degrading system performance or causing unsafe behavior.

The method integrates recursive state estimation with innovation-based statistical analysis, allowing the system to identify inconsistencies between predicted and measured signals. Unlike traditional multiple-model or bank-of-filters approaches, the proposed scheme enables reliable discrimination between legitimate changes in system operating modes and malicious disturbances without the need for parallel execution of several dynamic models. Event-triggered logic is used to adaptively switch system models or temporarily suppress suspicious measurements when abnormal innovations are detected, thereby maintaining estimation stability and accuracy under adversarial conditions.

A key advantage of the proposed solution is its low computational complexity and practical applicability. The method does not rely on machine learning algorithms, large training datasets, or computationally intensive robust estimation techniques. Instead, it employs compact stochastic models with linear–quadratic computational complexity, making it suitable for implementation in real-time operating systems and resource-constrained embedded platforms. This ensures predictable execution time and minimal impact on system latency.

Experimental validation was carried out on a FreeRTOS-based platform, simulating frequent mode transitions and various sensor attack scenarios. The results demonstrate a significant reduction in false alarms during normal operational changes, timely detection of malicious sensor behavior, and stable state estimation performance with minimal processor and memory overhead. Overall, the proposed approach enhances the cyber resilience, fault tolerance, and information security of embedded and cyber-physical systems used in safety- and mission-critical applications.
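The innovation-based check and measurement suppression described in the abstract can be illustrated with a scalar Kalman filter that gates each sample on its normalized innovation squared. This is an added example, not the authors' modified filter or code: it has no mode-switching logic, and the random-walk model, the names `kf_t`, `kf_step`, `run_gate`, all constants and the telemetry values are assumptions constructed for illustration.

```c
#include <stdio.h>
/* Scalar Kalman filter with a chi-square gate on the innovation (illustrative). */
typedef struct {
    double x, p;   /* state estimate and its variance */
    double q, r;   /* process and measurement noise variances (assumed) */
    double gate;   /* threshold on normalized innovation squared (1 DOF) */
} kf_t;

/* Constructed telemetry: ~20.0 nominal, samples 8..10 spoofed to 23.0. */
static const double TELEMETRY[12] = {
    20.10, 19.90, 20.05, 19.95, 20.10, 19.90, 20.00, 20.05,
    23.00, 23.00, 23.00, 20.00
};

/* One predict/update cycle. Returns 1 if z was fused, 0 if suppressed. */
int kf_step(kf_t *f, double z)
{
    f->p += f->q;                    /* predict: variance grows by q */
    double nu = z - f->x;            /* innovation: measured - predicted */
    double s  = f->p + f->r;         /* innovation variance */
    if (nu * nu / s > f->gate)       /* statistically inconsistent sample */
        return 0;                    /* suppress it, coast on the prediction */
    double k = f->p / s;             /* Kalman gain */
    f->x += k * nu;
    f->p *= 1.0 - k;
    return 1;
}

/* Runs the gate over n samples; returns the number suppressed and stores
 * the index of the first suppressed sample (-1 if none) in *first. */
int run_gate(const double *z, size_t n, kf_t *f, int *first)
{
    int suppressed = 0;
    *first = -1;
    for (size_t i = 0; i < n; i++) {
        if (kf_step(f, z[i])) continue;
        if (*first < 0) *first = (int)i;
        suppressed++;
    }
    return suppressed;
}

int main(void)
{
    kf_t f = { 20.0, 1.0, 0.001, 0.04, 6.63 };  /* 6.63: chi-square 99%, 1 DOF */
    int first, n = run_gate(TELEMETRY, 12, &f, &first);
    printf("suppressed=%d first=%d estimate=%.3f\n", n, first, f.x);
    return 0;
}
```

A fixed gate like this one also rejects a legitimate step change in operating mode, which is the false-alarm case the abstract's event-driven mode switching is meant to separate from an attack.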

Published

2025-12-11

How to Cite

KOZELSKYI О., & SAVENKO Б. (2025). DETECTION OF MALICIOUS SENSOR ATTACKS AND TELEMETRY SPOOFING IN CYBER-PHYSICAL SYSTEMS BASED ON A MODIFIED KALMAN FILTER. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, 84(4), 228–235. https://doi.org/10.31891/2219-9365-2025-84-24